Hackers Undermine Piracy Evidence With Hadopi Router

Written by enigmax on July 09, 2009 

Yesterday we reported that a provision in the revamped French “3 strikes” bill will allow for the punishment of ISP account holders for the copyright infringing actions of others. Now a group of hackers has set out to compromise WiFi routers en masse, in order to create an environment of plausible deniability.

It seems that one way or another President Sarkozy is determined to bring a “3 strikes” regime to France. After underlining his determination during an historic speech to parliament in June, yesterday saw a revised bill accepted by the Senate.

Aside from punishing actual file-sharers, the bill allows the courts to take measures against people who have done no sharing, but are accused simply because they are the one paying the ISP bill. If the court decides that an account holder is guilty of “negligence” – by somehow allowing others to file-share on their connection – it is within a judge’s power to issue a fine up to 1,500 euros along with a 4 week disconnection.

Now, according to Le Monde, some French hackers have come together to throw confusion into the mix, so that punishing these individuals is not a straightforward or guaranteed accurate procedure.

A hacker known only as ‘N’ says he has developed some software known as ‘Hadopi Router’, a term first penned by bloggers who devised the concept. ‘N’, who is said to have previously worked manufacturing routers, says he and a few friends wrote ‘Hadopi Router’ in order to prove that the evidence gathered by the Hadopi agency is unreliable.

“It locates Wi-Fi networks in the neighborhood, then begins to crack all their passwords,” says ‘N’. “Once we have the keys, we can create a virtual access point,” which in basic terms means using the Internet connection without the account holder’s knowledge.

‘N’ says that if an ‘owned’ router has its password changed, the system automatically switches to another Wi-Fi signal in the neighborhood and starts to attack the new password.

Additionally, ‘N’ claims that with Hadopi Router it is possible to monitor activity on the cracked networks but one of his accomplices called ‘V’ says they have no bad intentions.

“We just want to release our software and allow everyone to understand that the technical data used by the Hadopi agency to accuse people will not be reliable. Because of us, the judges will not be able to say that they weren’t aware of that.”

‘N’ says he is already imagining a more ambitious strategy to distribute many dozens of modified routers to a community in order to create a “mini-network”, superimposed over existing ones.

Of course, many wireless routers already have either a complete lack of security or weak WEP encryption enabled, making them sitting ducks for drive-by infringements or less casual ones conducted by neighbors within range.

An IP address does not necessarily identify an individual, in fact one could argue that in many instances these days it doesn’t even identify a computer but merely a gateway to a sub network, behind which could be any number of individuals not linked in any way to a bill payer.

Time will tell how French judges will rule in these “negligence” cases, especially when they have just 5 minutes to do so.

Previously: Kazaa Uses RIAA Victim Jammie Thomas in PR-Campaign

Next: Mininova Denied Rectification From Dutch Government

55 Responses

1 Jul 09, 2009 at 20:39 by Helter

From the site;
“As an effort to try and show how absurd this law is in today’s world I put up a fake page (in French) selling the “Hadopi router” that automatically cracks passwords of the nearby Wifi networks and connects to them to download torrents.

It’s a dumb joke, but I think it does point out a little bit of the absurdity of the law :-) Comments and suggestions welcome!”

2 Jul 09, 2009 at 20:39 by Blackhole

Nice :)
I hope they will release this software.

3 Jul 09, 2009 at 20:43 by aasw

Now this is what I’m talking about!

4 Jul 09, 2009 at 20:45 by whola

It’s a joke… and it’s old news…

5 Jul 09, 2009 at 20:46 by Yep

If you want them to release this software and you’re not in france, then you probably want to steal your neighbor’s connection :(

6 Jul 09, 2009 at 20:53 by Blackhole

No, I’m just afraid that downloading will become illegal in Holland.

Stupid Geert Wilders grr.

7 Jul 09, 2009 at 20:57 by nice

I was just talking about this in the last TF article!

WOOT!

Theres enough UNSECURED wireless to do the same amount of damage.. this just makes it even better..

Go FORTH my minions! We stand for freedom! We defend our free internet, no matter what the cost!

Trust in Chaos!

8 Jul 09, 2009 at 20:59 by maff

Yep, that was a joke, but it is feasible… Maybe someone has taken the task to make it a reality…

9 Jul 09, 2009 at 21:14 by haha

In Ireland, all you need are the lyrics to a Hendrix song to crack routers’ passwords in under a second.

http://www.bacik.ie/eircomwep/howto.html

10 Jul 09, 2009 at 21:20 by Max Headshroom

Get the software to spoof the IP addresses as the French Justice Ministry, and then let them try and disconnect themselves…

11 Jul 09, 2009 at 21:38 by phishybongwaters

backtrack linux

google it, download it, use it to crack WEP and WPA/WPA2

tho, you have to keep in mind, even if you are hacked, all ISPs state in the agreement you didn’t actually read or sign, that anything that happens on your connection is your liability

So having an unsecured router at home will help with plausible deniability, but you are technically still liable.

The best “free” method is to crack as many wifi networks as you can around you, and bridge the connections, most laptops only have 1 built in, or minipci, wifi card, BUT you can buy USB wifi cards and pc card wifi adapters.

For a standard laptop, this would allow for 5 different wifi connections at once.

In windows, it’s a simple matter of selecting the connections in network devices, and right clicking then selecting “bridge”

Anyways, is TF gonna keep posting fake news? Maybe at least READ what you are posting first? Then MAYBE put a disclaimer explaining it’s fake?

Seriously

12 Jul 09, 2009 at 21:38 by Go Pirates!

@3 you fail.

this is an excellent idea =) i personally know quite a few people who actually do use another persons network for their downloading. in fact i even know 1 person who doesnt even subscribe to an internet plan he just steals it from his neighbours. (and all of them are password protected as well) it really does show how someones ip address really isnt solid evidance against the subscriber anymore

13 Jul 09, 2009 at 21:44 by Filip

Mmmh… Would be nice to have… Then put it in the Ubuntu repostories and include it in the latest release. Would be really nice.

14 Jul 09, 2009 at 21:50 by Anonymous

Obligatory xkcd: http://xkcd.com/416/

15 Jul 09, 2009 at 22:05 by Anonymous

So every single TOR exit-node in France is “negligent” then?

I think it’s about time for a new revolution, vive la guillotine!

16 Jul 09, 2009 at 22:12 by Reventon

Some guy in Britain did a similar thing with car clamping. Its illegal to cut them off so he put up a website claiming to come round and cut people’s clamps off.

I dont think he did much but people could claim he cut it off and not them ;)

This sounds like an identical plan, nice effort

17 Jul 09, 2009 at 22:22 by Anonymous

They need to find the homes of every member of parliament, senate, and the judges that will be hearing these cases.

When they find one that has a Wireless router, break the password and pirate as much as they can. Rinse and Repeat.

I forsee their enthusiasm, for the law, start to wane when they get disconnected.

18 Jul 09, 2009 at 22:31 by Anonymous

Wow, N? Is he a Death Note fan? lol.

19 Jul 09, 2009 at 22:50 by again`

There are a few possible problems with this the main one being that a judge can still sentence someone even if they prove they did not commit the offense or through a 3rd party. This sounds like a great way to fight back in theory but in practice it might actually hurt more people especially to begin with. maybe in the long run of things after a few months of people complaining that they didnt do this or that, but in the short fall of things it can possible hurt the people.. nice idea though

20 Jul 09, 2009 at 23:38 by Blahonga

again: A good idea would obviously be getting as many people as possible to just share their connections. If people are worried about security: do as I do, segment your network, one segment encrypted for private use and another one, separate from the first, completely open. If You don’t want to buy (or can’t afford) a router with possibilites for more than one network segment you can possibly afford a second cheap router. Now I haven’t read the text of the HADOPI, but normally the concept of “innocent until proven guilty” should apply. Sharing your connection (and IP-number)is presumably not criminal, even though it may be in breach of the contract with Your ISP.

21 Jul 10, 2009 at 00:06 by vyvyan

@10 You won’t believe it but I just thought “Which song will I try first?” Bingo! I thought of “Third Stone from the Sun” rotf

22 Jul 10, 2009 at 00:29 by Me:D

I really hate France! And just because some guy make a software to crack the password on a router isn’t anything new (Those software have existed in many years!)

@3 anon: You should be banned!!

23 Jul 10, 2009 at 01:15 by Anonymous

@26

“@3 anon: You should be banned!!”

Do not feed the troll.

24 Jul 10, 2009 at 02:34 by Phoenix

that monkey french president SUX !

25 Jul 10, 2009 at 04:13 by Anonymous

http://74.125.95.132/search?q=cache:A8eqOSCePyAJ:www.manucornet.net/blog/introducing-the-hadopi-router/+hadopi+router&cd=3&hl=en&ct=clnk&gl=us

Nice job on your research, Torrent Freak. Damn.

26 Jul 10, 2009 at 04:49 by again`

@22 but this is not how the french law are seeing it.

ISP account holders who find themselves accused over the infringements of a 3rd party could be found guilty of “negligence”, risking a maximum 1,500 euro fine and a 4 week disconnection.
so innocent until proven guilty doesn’t apply

@18 you have the right idea target the morons who are starting this and use their own laws against them. The people that are going to enforce this law are the ones that need to be shown that this can and will happen to them just as much as anyone normal internet user.

27 Jul 10, 2009 at 05:24 by Anonymous

yep next they will fine you for negligence for getting robbed at the ATM because you “let your self be robbed”

28 Jul 10, 2009 at 06:06 by amaranthisasin

This is a fine idea to combat an unjust and silly law. The people should fight this in every way they can.

The ISPs should be fighting along side. This is going to end up hurting their bottom line. They are about to become the dog at the end of a mad man’s leash.

29 Jul 10, 2009 at 06:51 by iuh

Would a router with hidden SSID, WPA2 and Mac filtering be vulnerable to this?

30 Jul 10, 2009 at 07:05 by skirrie

I wonder how anyone could see a 5 minute judgment call as justice.. suppose you’d have to have your head really far up your behind to be able to see sense in it.

anyways.. there’s like 7 unprotected wireless networks near me, (seriously.. mine’s the only encrypted one in the whole neighborhood) so its good to see some people that make some sense.

31 Jul 10, 2009 at 07:19 by anonymouse

Le Monde is a big reference paper in france, so im pretty sure they did their research. I dont think this is a joke (but there is a gag site)

it would be rather simple to create something like this anyway-just write a program that automatically cracks WEP connections, and use the IP adress of the cracking computer as an open proxy (therefore connecting from {you} to {server} to {zombie pc}) more or less TOR, without consent :) alot of wep passwords are simple to crack (with existing programs) and there are *tons* of unlocked wifi’s

32 Jul 10, 2009 at 07:29 by No-IPv6

“‘N’ says he is already imagining a more ambitious strategy to distribute many dozens of modified routers to a community in order to create a “mini-network”, superimposed over existing ones.”

well ‘N’ should try a lit harder…

if oyu want ot do something werthwhile ‘N’ and ‘Y’ then write a generic virtual ‘Bonded’ wireless network that can take ’several’ wireless WAN conections and make a massive Vnet pipe in both down and up load directions, in a simple one time executable script including all the apps needed would be a very good thing to make….for anyone to use with all their mates withing wireless range of each other ;)

and post a direct link HERE in this thread so we can try it…

33 Jul 10, 2009 at 07:51 by Kawazoe

Canadian iSP solved those issues long ago! Every peer to peer transfer is capped to 25kbps. As a result, you can’t host any server of any kind. No way to share anything since technicaly, a server, even as big as a super computer, is still a peer.

That’s the law here.

34 Jul 10, 2009 at 07:52 by anonymouse

ps – I heard someone has already broken into Christine Albanel’s connextion (last minister of culture)

and lets not forget the UMP (Sarko’s party) use of a campaign song without permission (ok, so I forget which song ;) )

35 Jul 10, 2009 at 08:01 by anonymouse

@37

um. which ISP are you on, where do you live? im with Shaw, works fine. I get download speed routinely bw 1-1.5mb (if its a good torrent) its the upload thats capped at 50kb/s (for me anyway)

36 Jul 10, 2009 at 08:12 by dhfd

@37

haha, its much better in the netherlands, max download 7,5 megabyte/second(though torrents mostly don’t go higher than 2, usenet and rapidshare reech 7 easily) and 750kilobyte/sec upload, torrents can reach that easily to :)

37 Jul 10, 2009 at 09:34 by No-IPv6

“37 Jul 10, 2009 at 07:51 by Kawazoe
Canadian iSP solved those issues long ago! Every peer to peer transfer is capped to 25kbps. As a result, you can’t host any server of any kind. No way to share anything since technicaly, a server, even as big as a super computer, is still a peer.

That’s the law here.”

it not the law, but you should research that better….

to solve your slow problem you should get/buy yourself a VPN connection and start using your payed for bandwidth far closer to its full potential….

strongVPN or any other you care to search for, its all good, hell you might even be better to just get a free ipV6 tunnel for your torrents etc, and be happy….

http://go6.net/4105/freenet.asp

38 Jul 10, 2009 at 09:56 by phail...

@ 33
Quote: Would a router with hidden SSID, WPA2 and Mac filtering be vulnerable to this?

Yes
1) Hidden SSID – De-auth connected Clients OR MDK3 to brute force the SSID.

2) WPA2 – You would want to make the WPA2 key as long as possible (Upto 63). WPA/WPA2 can be brute forced hacked, BUT they take a VERY long time (Years). Note: Generalisation.

3) macchanger on Linux – spoof Mac. For windows google it.

Note: There are other “possibilities” to obtain a WEP/WPA/WPA2 key – google Airbase, metaploit for example.

SKY uk, use a key generated from the SSID, which is broadcast en clar. The algorithm has been reversed engineered. Again, google it.

My preferred option is to run an OPEN wifi node, and record the traffic passing through it. Plausible deny ability. Though you will probably break interception laws… But hey fukk em :) Proof is proof that you are not the only “user” of the wifi node.

Class over.

39 Jul 10, 2009 at 12:32 by chevron

I run a wired network, but have attached a wireless router with a limited bandwidth (40k/s) but no other restrictions (other than a robust firewall box between that and my home bnetwork). As I see it, that’s a service to my neighbours (or anyone passing) that requires a connection but for whatever reason doesn’t have one.

How can “letting people have access” be negligent? Its not nearly wrong, being a service to the wider community. Think about it… if noone had secured wireless, noone would really need theirs secured, and we’d all be far better off (universal unregulated wifi coverage).

40 Jul 10, 2009 at 13:22 by Owo

It a fake from May, and Le Monde was caught by it just recently ;)

http://www.manucornet.net/blog/introducing-the-hadopi-router/
http://www.routeurhadopi.fr/

41 Jul 10, 2009 at 13:50 by Anonymous

The one thing people forget is that politicians don’t think the laws apply to them and make their own.

Compromising their networks it’s easy that is not difficult at ALL what is really difficult is exposing them, without exposure you can download all you want too and things will stay the same, you have to compromise the network and SHOW IT to the world, otherwise is just fooling around without real consequences.

42 Jul 10, 2009 at 13:58 by Anonymous

How can “letting people have access” be negligent? Its not nearly wrong, being a service to the wider community. Think about it… if noone had secured wireless, noone would really need theirs secured, and we’d all be far better off (universal unregulated wifi coverage).

Well we don’t need secure connections we need secure “channels” and a load balancing thingy to manage the bandwidth or else you could end up with the short end of the stick LoL

Other than that I don’t see why someone would bother to set up a password on a wireless router, it is not that important.

43 Jul 10, 2009 at 16:17 by Anonymous

If you want them to release this software and you’re not in france, then you probably want to steal your neighbor’s connection :(

how could you “steal” something intangible like an internet connection?

or someone’s identity?

or banking information?

you can’t.

remember, private banking information wants to be free…

44 Jul 10, 2009 at 18:39 by riffcat

I propose an grass roots open Wifi movement where everyone sets their SID to the same predetermined SID and their hub/switch/router is unsecured. It would also be great to have a simple way where any lay person could bridge their connections so bandwidth is distributed across all available participating connections in the vicinity.

We just need to set a date facebook, tweet, IRC, flyers in the neighborhood and media et cetera.

45 Jul 10, 2009 at 19:58 by silversurfer

totaly agree only way is to show em it does not work just telling em dont entra there tiny brains as thay just see the money side of tings
put it to em in a example of hard facts with a true working product then thay can not dissmiss it

well done lads 1 for the pirates

46 Jul 10, 2009 at 23:37 by Baguette

Hi all,
I live in France and am sad to say the big record labels have won since they are all personal friends of “ze dwarf”. I just hope people will massively hack all the orange and sfr hotspots and download as much as they can so that they end up paying huge fines.
Keep up the fight dont leave us french people alone.
Peace

47 Jul 11, 2009 at 02:35 by SomKen

Hmm… Sounds like something Hak5 would do.

48 Jul 11, 2009 at 03:41 by pariah

@39
@42

It is my understanding that when you leave your wifi network unprotected, you expose your router to hacking. Since remote desktop is enabled in most XP boxes, your computer can be compromised directly. Note the discussion on: http://www.leetupload.com/tutorials/

49 Jul 11, 2009 at 12:46 by Anonymous

as if the judges care? they rule u downloaded warez and if u dont like it u can appeal it.

ofcourse u will lose again because its france and its controlled by a dwarf idiot now

50 Jul 11, 2009 at 17:02 by steve

theres a site claiming to soon offer the software. Not sure if this is legit though. http://www.lazynewt.com

51 Jul 11, 2009 at 19:00 by Crypto9

Another solution to the p2p users might be steganography technology: http://stegoshare.sf.net

52 Jul 11, 2009 at 23:18 by Fabrice

According to hackers who where interviewed by Le Monde, the article is “full of shit”, the journalist even invented a character in his story. Even Numerama believed it and later published the real interview of the guys at tmp/lab.

Don’t believe what’s written in Le Monde, at least not their tech pages

http://www.numerama.com/magazine/13427-HostileWRT-le-vrai-nom-du-vrai-faux-routeur-Hadopi.html

53 Jul 12, 2009 at 10:36 by Entertane.com

http://www.entertane.com – the easiest site for torrents (movies, music, software, games, xxx) – faster, simpler – and you can search all your favorite torrent sites. No registration needed.

54 Jul 14, 2009 at 10:50 by Anonymous

This is a good effort to fight for freedom.

55 Jul 14, 2009 at 16:25 by Baguette

My ISP is called “free” (it isn’t btw) and they have a service that lets you connect to any “free” subscribers wifi network when their box is in range. So technically I can connect to some random guy’s box from nearly anywhere and download all the things I want from his dsl line. Since I have to log in to access the wifi service the judge will have to ask “free” for my account information. The big question is will the isps risk losing customers to comply or not.
The Spanish isps told the government to stick it I wish the French ones would have a lil bit of balls.

I am a bit extreme sometimes but if i hear that whole “if people dont pay for music and movies anymore this will be the end of creation” I’m gonna throw up.

22 references to this post

Responses are closed

All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.